AMENDMENTS TO THE CLAIMS 



Claims 1-9, 11-15, 17-22, 24-34, 36-43, and 45-50 were previously pending. 
Claims 46-50 are canceled herein. 
Claim 51 is new. 

Claims 1, 12, 14, 19, 26, and 38 are currently amended. 

The following listing of claims replaces all prior versions and listings of claims in the 
application. 

1. (Currently Amended) A method to estimate security requirements needed to 
execute managed code comprising: 

simulating the execution of all execution paths of one or more assemblies in 
managed code, wherein an assembly comprises one or more files versioned and deployed 
as a unit, wherein the managed code is a managed shared library or an executable,
wherein all managed code is contained within the one or more assemblies; and

finding a set of required permissions for each execution path by one or more 
simulated stack walks that each include a plurality of the assemblies, wherein each call in 
each execution path has a corresponding permissions set, and wherein the simulated stack
walk comprises: 

entering a public entry point of a method in the assembly; 

gathering a permission set for the method; 

determining whether the method calls another method; 

gathering a permission set for the called method; and 



creating a union of the gathered permission sets.



2. (Original) The method as defined in Claim 1, wherein the execution paths for 
only one said assembly in managed code are simulated to find the set of required 
permissions for each said execution path by a union of the permissions for each said 
execution path. 

3. (Original) The method as defined in Claim 1, wherein:

the one or more assemblies in managed code correspond to an application; and 
the set of required permissions for each said execution path comprises a union of 
the permissions for each said execution path. 

4. (Original) The method as defined in Claim 1, wherein: 

the assemblies in managed code correspond to a shared library; and 
the set of required permissions for each said execution path comprises one 
separate permission set per entry point in the shared library. 

5. (Original) The method as defined in Claim 1, wherein the set of required 
permissions for each said execution path comprises a union of the permissions for each 
said execution path. 

6. (Original) The method as defined in Claim 1, wherein one or more of the
calls in at least one said execution path is a cross assembly call.



7. (Original) The method as defined in Claim 1, wherein: 

the managed code is built to make use of a common language runtime; 
each said assembly is packaged as an executable entity or as a data link library 
entity and 

each said assembly includes one or more methods. 

8. (Original) The method as defined in Claim 7, wherein the simulation of the 
execution of each said execution path comprises a simulation of the flow of argument 
data using intra and extra method data flow analysis for each said method. 

9. (Original) The method as defined in Claim 1, wherein when the executable 
has permissions to execute that are not less than a union of permission sets for each said 
execution path, any dynamic execution of the executable will not trigger a security 
exception. 

10. (Cancelled) 

11. (Previously Presented) A computer readable storage medium having a 
tangible component including machine readable instructions for implementing the 
method as defined in Claim 1.



12. (Currently Amended) In a managed code environment, a method comprising: 
simulating calling from one assembly to another for which a permission set is 

required, wherein the simulation comprises one or more simulated stack walks that 
include two or more of the assemblies, each assembly being managed code in a library of 
corresponding to an application, and wherein the simulated stack walk comprises:

entering a public entry point of a method in the assembly; 

gathering a permission set for the method; 

determining whether the method calls another method; 

for each called method: 

gathering a permission set for the called method; and 

determining whether the called method calls a subsequent method; and 

creating a union of the gathered permission sets;

repeating the calling for each assembly in the managed code and for all possible 
execution paths of the managed code; 

repeating the entering for each public entry point in the library; and 
finding the union of the permission[[s]] sets corresponding to each call. 

13. (Previously Presented) The method as defined in Claim 12, wherein the 
managed code environment comprises: 

a managed code portion including: 

the assemblies; and 

a virtual machine; 
a native code portion including: 



an execution engine for the virtual machine; and 
an operating system under the execution engine. 

14. (Currently Amended) The method as defined in Claim 12, wherein: 
the managed code is built to make use of a common language runtime; 

each said assembly is packaged as an executable - entity or as a data link library 
entity and 

each said assembly includes one or more methods. 

15. (Original) The method as defined in Claim 12, wherein when the assemblies 
corresponding to the application have permissions to execute that are not less than the 
union of permission sets for each said execution path, any dynamic execution of the 
assemblies corresponding to the application will not trigger a security exception. 

16. (Cancelled) 

17. (Original) The method as defined in Claim 12, wherein the managed code 
environment enforces partial trust security contexts. 

18. (Previously Presented) A computer readable storage medium having a 
tangible component including machine readable instructions for implementing the 
method as defined in claim 12. 



19. (Currently Amended) One or more computer-readable storage media having a 
tangible component comprising instructions that, when executed, perform a simulation of 
the execution of every data and control flow for managed code from which an estimate is 
derived of the minimum security requirements needed to dynamically execute the 
managed code without triggering a security exception, wherein the simulation of the 
execution comprises, for each data and control flow for the managed code, one or more 
simulated stack walks that include two or more of the assemblies, wherein the managed
code makes use of a common language runtime (CLR) that is loaded upon the first 
invocation of a routine, and wherein the simulated stack walk comprises: 

entering a public entry point of a method in the assembly; 

gathering a permission set for the method; 

determining whether the method calls another method;

for each called method: 

gathering a permission set for the called method; and 

determining whether the called method calls a subsequent method; and 

creating a union of the gathered permission sets.



20. (Previously Presented) The one or more computer-readable storage media 
as defined in Claim 19, wherein: 

the managed code, which comprises a plurality of assemblies, is built to make use 
of a common language runtime; 

each said assembly is packaged as an executable entity or as a data link library 
entity and 

each assembly includes one or more methods. 

21. (Previously Presented) The one or more computer-readable storage media 
as defined in Claim 19, wherein the dynamic execution of the managed code occurs in a 
managed code environment comprising: 

a managed code portion including: 

the managed code has one or more assemblies and is a library or an 
executable; and 

a virtual machine; 
a native code portion including: 

an execution engine for the virtual machine; and 

an operating system under the execution engine. 

22. (Previously Presented) The one or more computer-readable storage media 
as defined in Claim 21, wherein: 

the managed code is built to make use of a common language runtime; 



each assembly is packaged as an executable entity or as a data link library entity 

and 

each assembly includes one or more methods. 

23. (Cancelled) 

24. (Previously Presented) The one or more computer-readable storage media 
as defined in Claim 21, wherein: 

each call in each simulated stack walk has a corresponding permissions set; and 
the derived estimate is a union of the permissions sets. 

25. (Previously Presented) The one or more computer-readable storage media 
as defined in Claim 21, wherein the managed code environment enforces partial trust 
security contexts. 

26. (Currently Amended) An apparatus comprising: 
means for processing; 

means for storing information in memory coupled to the means for processing; 

virtual machine means, stored in the memory, in a managed code portion, for 
operating a plurality of assemblies in managed code, wherein the managed code is a 
managed shared library or an executable and is in the managed code portion; 

execution engine means, in a native code portion, for executing the virtual 
machine means; 



means, in the native code portion, for providing an operating system; 
means for making a call in the managed code portion for access by one assembly 
to another assembly for which a permissions set is required; 

means in the managed code portion for gathering the permissions set from each 

call; 

means in the managed code portion for deriving a union of the gathered 
permissions sets; and 

means in the managed code portion for simulating the execution of all possible 
execution paths for the managed shared library or the executable to derive therefrom the 
derived union of the gathered permissions sets wherein the means for simulating the 
execution performs, for each execution path, one or more simulated stack walks that each 
include a plurality of assemblies, and wherein the one or more simulated stack walks
comprise: 

means for entering a public entry point of a method in the assembly; 
means for gathering a permission set for the method; 
means for determining whether the method calls another method; 
for each called method: 

means for gathering a permission set for the called method; 

means for determining whether the called method calls a subsequent 
method; and 

means for repeating the previous gathering and determining until any gathered 
permission set is duplicative; and 

means for creating a union of the gathered permission sets.

27. (Previously Presented) The apparatus as defined in Claim 26, further
comprising: 

means for compiling the assemblies from an intermediate language code and 
metadata into native code; and 

means for loading the native code with a Common Language Runtime loader in 
the native code portion to load the compiled native code, wherein the execution engine 
means executes the compiled native code in the native code portion. 

28. (Original) The apparatus as defined in Claim 26, wherein the managed code 
portion further comprises one or more files associated with user code that, when 
compiled into an intermediate language code and metadata generated by a language 
compiler, are represented by the assemblies. 

29. (Original) The apparatus as defined in Claim 26, wherein the execution engine 
means in the native code portion further comprises a compiler to compile each said 
assembly into native code for execution by the native code portion. 

30. (Previously Presented) The apparatus as defined in Claim 26, wherein the 
execution engine means in the native code portion further comprises: 

a Just In Time compiler to compile each said assembly into native code; and 
a common language runtime loader to load the compiled native code for execution 
by the native code portion. 



31. (Original) The apparatus as defined in Claim 26, further comprising:
means, in the native code portion, for forming a response to the call; and 

means for returning the response to the first assembly in the managed code 
portion. 

32. (Original) The apparatus as defined in Claim 26, wherein: 

the managed code is built to make use of a common language runtime; 
each said assembly is packaged as an executable entity or as a data link library 
entity; and 

each said assembly includes one or more methods. 

33. (Original) The apparatus as defined in Claim 32, wherein the simulation of 
the execution comprises, for each said execution path, a simulation of the flow of 
argument data using intra and extra data flow analysis for each said method. 

34. (Original) The apparatus as defined in Claim 26, wherein when the 
executable has permissions to execute that are not less than the union of the gathered 
permissions sets, any dynamic execution of the executable will not trigger a security 
exception. 



35. (Cancelled) 



36. (Previously Presented) The apparatus as defined in Claim 26, wherein each 
call in each simulated stack walk has a corresponding permissions set. 

37. (Original) The apparatus as defined in Claim 26, wherein the managed code 
portion and the native code portion are in a managed code environment that enforces 
partial trust security contexts. 

38. (Currently Amended) A computing device comprising: 
a processor; 

a memory coupled to the processor; 

a managed code portion stored in the memory including a plurality of assemblies 
each being managed code in a managed shared library or in an executable; 
a native code portion stored in the memory including: 
an execution engine; and
an operating system under the execution engine; 
a virtual machine interfaced between the managed code portion and the native 
code portion and executed by the execution engine; 

an application program in the managed code portion comprising logic configured 

to: 

simulate the execution of all possible calls from one assembly to another for all 
possible execution paths of the managed code, wherein each assembly call has a 
corresponding permissions set, wherein the simulation of the execution comprises one or
more simulated stack walks that each include a plurality of the assemblies, and wherein
the one or more simulated stack walks comprise: 

a public entry point of a method in the assembly; 

a permission set for the method; 

a determination of whether the method calls another method; 
for each called method: 

a permission set for the called method; 

a determination of whether the called method calls a subsequent method; 

and 

a totality of permission sets such that any subsequent permission set is 
duplicative; and 

a union of the permission sets; and

derive a union of the permissions sets from each assembly call. 

39. (Original) The computing device as defined in Claim 38, wherein the 
managed code portion further comprises one or more files associated with user code that, 
when compiled into an intermediate language code and metadata generated by a language 
compiler, are represented by: 

the assemblies in the executables; or 
the managed shared library. 

40. (Previously Presented) The computing device as defined in Claim 38, wherein the 
execution engine further comprises: 



a compiler to compile each assembly into native code; and 

a common language runtime loader to load the compiled native code. 

41. (Previously Presented) The computing device as defined in Claim 38, 
wherein: 

the managed code is built to make use of a common language runtime; 

each assembly is packaged as an executable entity or as a data link library entity; 

and 

each assembly includes one or more methods. 

42. (Original) The computing device as defined in Claim 41, wherein the 
simulation of the execution comprises a simulation of the flow of argument data using 
intra and extra method data flow analysis for each said method. 

43. (Original) The computing device as defined in Claim 38, wherein when the 
executable has permissions to execute that are not less than the union of the permissions 
sets from each said assembly call, any dynamic execution of the executable will not 
trigger a security exception. 



44. (Cancelled) 



45. (Original) The computing device as defined in Claim 38, wherein the 
managed code portion and the native code portion are in a managed code environment 
that enforces partial trust security contexts. 

46. (Cancelled) 

47. (Cancelled) 

48. (Cancelled) 

49. (Cancelled) 

50. (Cancelled) 

51. (New) The method of claim 12, wherein the union of the permission sets 
separately identifies a permission set for each public entry point of the library. 
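
The simulated stack walk recited in Claims 1 and 12, with the per-entry-point result of Claims 4 and 51 and the sufficiency condition of Claims 9 and 15, can be sketched as follows. This is an added illustration, not part of the filed claims or of any implementation they describe; the call graph, method names and permission assignments are constructed, and the walk follows every call edge without the argument data flow analysis of Claim 8.

```python
from typing import Dict, FrozenSet, List, NamedTuple, Set, Tuple

class Method(NamedTuple):
    assembly: str            # assembly that contains the method
    public: bool             # True if it is a public entry point
    demands: FrozenSet[str]  # permission set gathered for this method
    calls: List[str]         # methods it calls (same or other assembly)

# Constructed call graph (hypothetical names): an executable plus a shared library.
METHODS: Dict[str, Method] = {
    "App.Main":       Method("App.exe", True,  frozenset(), ["Lib.ReadConfig", "Lib.Log"]),
    "Lib.ReadConfig": Method("Lib.dll", True,  frozenset({"FileIOPermission"}), ["Lib.Parse"]),
    "Lib.Parse":      Method("Lib.dll", False, frozenset(), ["Lib.Log"]),
    "Lib.Log":        Method("Lib.dll", True,  frozenset({"EventLogPermission"}), ["Lib.Parse"]),
    "Lib.Fetch":      Method("Lib.dll", True,  frozenset({"WebPermission"}), ["Lib.Log"]),
}

def simulated_stack_walk(entry: str, methods: Dict[str, Method]) -> Tuple[FrozenSet[str], FrozenSet[str]]:
    """Follow every call reachable from one entry point.
    Returns (union of gathered permission sets, assemblies the walk crossed)."""
    gathered: Set[str] = set()
    assemblies: Set[str] = set()
    seen: Set[str] = set()
    pending = [entry]
    while pending:
        name = pending.pop()
        if name in seen:      # revisiting (recursion, cycles) would only gather duplicates
            continue
        seen.add(name)
        method = methods[name]
        assemblies.add(method.assembly)
        gathered |= method.demands
        pending.extend(method.calls)
    return frozenset(gathered), frozenset(assemblies)

def library_requirements(assembly: str, methods: Dict[str, Method]) -> Dict[str, FrozenSet[str]]:
    """One separate permission set per public entry point of a shared library."""
    return {name: simulated_stack_walk(name, methods)[0]
            for name, m in methods.items() if m.assembly == assembly and m.public}

def missing_permissions(granted: Set[str], entry: str, methods: Dict[str, Method]) -> FrozenSet[str]:
    """Permissions the estimate requires but the grant lacks; empty means the grant covers the union."""
    required, _ = simulated_stack_walk(entry, methods)
    return required - frozenset(granted)

if __name__ == "__main__":
    print(simulated_stack_walk("App.Main", METHODS))
    print(library_requirements("Lib.dll", METHODS))
    print(sorted(missing_permissions({"FileIOPermission"}, "App.Main", METHODS)))
```

Because the walk covers every reachable call rather than only the paths a given run takes, the result is an upper bound: a grant that covers it cannot trigger a security exception, but a smaller grant may still suffice for a particular execution.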



